Miniflux: run postgres as app user

2025-08-04 09:15:37 +03:00
parent 35f1abd718
commit b4cddb337a
2 changed files with 6 additions and 2 deletions
--- a/files/miniflux/docker-compose.yml.j2
+++ b/files/miniflux/docker-compose.yml.j2
@@ -35,15 +35,18 @@ services:
  miniflux_postgres:
    image: postgres:16.3-bookworm
    container_name: miniflux_postgres
+    user: "{{ user_create_result.uid }}:{{ user_create_result.group }}"
    environment:
      - POSTGRES_USER={{ miniflux_postgres_user }}
-      - POSTGRES_PASSWORD={{ miniflux_postgres_password }}
+      - POSTGRES_PASSWORD_FILE=/secrets/miniflux_postgres_password
      - POSTGRES_DB={{ miniflux_postgres_database }}
    networks:
      - "miniflux_network"
      - "monitoring_network"
    volumes:
-      - {{ postgres_data_dir }}:/var/lib/postgresql/data
+      - "/etc/passwd:/etc/passwd:ro"
+      - "{{ secrets_dir }}:/secrets:ro"
+      - "{{ postgres_data_dir }}:/var/lib/postgresql/data"
    healthcheck:
      test: ["CMD", "pg_isready", "--username={{ miniflux_postgres_user }}", "--dbname={{ miniflux_postgres_database }}"]
      interval: 10s
--- a/playbook-miniflux.yml
+++ b/playbook-miniflux.yml
@@ -46,6 +46,7 @@
          - "miniflux_admin_password"
          - "miniflux_oidc_client_id"
          - "miniflux_oidc_client_secret"
+          - "miniflux_postgres_password"

    - name: "Copy docker compose file"
      ansible.builtin.template: